Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8847

SPNEGOLoginModuleTestCase#testIdentityPropagation fails with IBM on some machines

    Details

    • Steps to Reproduce:
      Hide

      1. find name of your interface

      ip -4 addr

      2. retgister 2 virtual IP addresses

      sudo ifconfig enp0s25:0 192.168.1.16    
      sudo ifconfig enp0s25:1 192.168.1.17
      

      3. Configure IBM java on path
      4. Run testsuite with second virtual address

      ./integration-tests.sh -Dmaven.test.failure.ignore=true -fae -Dts.noSmoke -Dts.basic -Dtest=SPNEGOLoginModuleTestCase -DtestLogToFile=false -Dnode0=192.168.1.17
      Show
      1. find name of your interface ip -4 addr 2. retgister 2 virtual IP addresses sudo ifconfig enp0s25:0 192.168.1.16 sudo ifconfig enp0s25:1 192.168.1.17 3. Configure IBM java on path 4. Run testsuite with second virtual address ./integration-tests.sh -Dmaven.test.failure.ignore= true -fae -Dts.noSmoke -Dts.basic -Dtest=SPNEGOLoginModuleTestCase -DtestLogToFile= false -Dnode0=192.168.1.17

      Description

      IBM java sends address in delegated kerberos ticket. ApacheDS includes this address into ticket and check that address with address of client (taken from connection). On some machines, these addresses doesn't match.

      Those are machines when there are several virtual IPs and if node0 is set to non-first IP address, ApacheDS address check fails.

      See details in https://issues.apache.org/jira/browse/DIRSERVER-2156

      15:14:11,302 ERROR [io.undertow.request] (default task-32) UT005023: Exception handling request to /f1eb2aa6-5139-4bce-bad8-ad9a49d3912f/protected/PropagateIdentityServlet: javax.servlet.ServletException: Propagation failed.
      	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:87)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:792)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
      	at java.lang.Thread.run(Thread.java:785)
      Caused by: org.ietf.jgss.GSSException, major code: 11, minor code: 0
      	major string: General failure, unspecified at GSSAPI level
      	minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.KrbException, status code: 38
      	message: Incorrect net address
      	at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:33)
      	at com.ibm.security.jgss.mech.krb5.g.a(g.java:23)
      	at com.ibm.security.jgss.mech.krb5.g.initSecContext(g.java:814)
      	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:337)
      	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:437)
      	at org.jboss.eapqe.krbldap.utils.krb.GSSTestClient.getName(GSSTestClient.java:100)
      	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:85)
      	... 32 more
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  mchoma Martin Choma
                  Reporter:
                  mchoma Martin Choma
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: